Remote Code Execution (RCE)

MuPDF is vulnerable to remote code execution RCE attacks. A malicious user can pass a malicious pdf file to the pdflookupcmapfull function in pdf-cmap.c to cause a stack buffer overflow that can lead to arbitrary code being executed...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS attacks. A malicious user can pass a malicious pdf file to the fzskipspace function in pdf-xref.c to cause an infinite loop that can cause the application to crash...

openSUSE Security Update : mupdf (openSUSE-2018-592)

This update for mupdf fixes the following security issue : - CVE-2018-1000051: Prevent use after free in fzkeepkeystorable that can result in DOS / possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF bsc1080531. %NASLMINLEVEL 70300 C Tenable...

Security update for mupdf (moderate)

This update for mupdf fixes the following security issue: - CVE-2018-1000051: Prevent use after free in fzkeepkeystorable that can result in DOS / possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF bsc1080531...

mupdf/pdf_fuzzer: Use-of-uninitialized-value in jbig2_decode_mmr_line

Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5657774993178624 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS. The attack can be launched because PDF parser has multiple reachable assertions which can be introduced by sending a malicious file...

Denial Of Service (DoS)

MuPDF is vulnerable to denial of service DoS. The attacker can launch the attack by sending a malicious file to the doscavengingmalloc in the PDF parser...

MuPDF Memory Disclosure Vulnerability

Artifex MuPDF is the United States Artifex Software, Inc. of a free, lightweight PDF reader. PDF parser is one of the PDF parser. Artifex MuPDF 1.12.0 and previous versions of the PDF parser has a security vulnerability. An attacker can exploit this vulnerability to cause a denial of service memo...

MuPDF Denial of Service Vulnerability (CNVD-2018-10365)

Artifex MuPDF is the United States Artifex Software, Inc. of a free, lightweight PDF reader. PDF parser is one of the PDF parser. Artifex MuPDF 1.12.0 and previous versions of the PDF parser has a security vulnerability. An attacker can exploit this vulnerability to cause a denial of service...

Artifex MuPDF Memory Misreference Vulnerability

Artifex MuPDF is the United States Artifex Software, Inc. of a free, lightweight PDF reader. PDF parser is one of the PDF parser. Artifex MuPDF 1.12.0 and previous versions of the PDF parser memory misreference vulnerability. An attacker can exploit this vulnerability to execute arbitrary code,...

MuPDF Stack Buffer Overflow Vulnerability

MuPDF is a free and open source software library written in C, is the PDF and XPS parsing and rendering engine . A stack buffer overflow vulnerability exists in the pdflookupcmapfull function in pdf/pdf-cmap.c in MuPDF 1.12.0 and earlier versions. An attacker can exploit this vulnerability to...

CVE-2018-1000040

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service crash or influence program flow via a crafted file...

CVE-2018-1000040

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service crash or influence program flow via a crafted file...

DEBIAN-CVE-2018-1000040

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service crash or influence program flow via a crafted file...

CVE-2018-1000036

In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service memory leak via a crafted file...

CVE-2018-1000039

In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file...

CVE-2018-1000040

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service crash or influence program flow via a crafted file...

UBUNTU-CVE-2018-1000040

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service crash or influence program flow via a crafted file...

CVE-2018-1000037

In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service assert crash via a crafted file...

CVE-2018-1000038

In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdflookupcmapfull in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file...